package com.earogya.springsecurity.security;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.userdetails.UserDetailsService;

/**
 * 
 * Interface to change the user's password
 * 
 * @author Ureka
 *
 */
public interface ChangePasswordInterface extends UserDetailsService {

	/**
	 * Changes the user's password. Note that a secure implementation would require
	 * the user to supply their existing password prior to changing it.
	 * 
	 * @param username the username
	 * @param newPassword the new password
	 *  @param oldPassword the current password
	 */
	@PreAuthorize("#username == principal.username and hasRole('ROLE_USER')")
	String changePassword(String username, String newPassword, String oldPassword);

}